Author
Topic: SAP's own security (Read 3190 times)

And glad to find all relevant SAP components use both protection measures.

7zip don't use, but it's not SAP's fault and probably it is for new compression feature added to UAV.Others seems to be kernel mode drivers which can't be apply DEP or ASLR to.

But I want some more clarification about SAP's own security.I don't ask what program language is used since it might be secret, but do you use any secure coding method and have an audit team or process including e.g. fuzzing other than peer code review?

SAP seems to use filter driver but does SAP makes use of hook to block e.g. an execution of a process?

Also I found I can safely kill some of SAP processes but what exact process have self-protection?

And glad to find all relevant SAP components use both protection measures.

7zip don't use, but it's not SAP's fault and probably it is for new compression feature added to UAV.Others seems to be kernel mode drivers which can't be apply DEP or ASLR to.

But I want some more clarification about SAP's own security.I don't ask what program language is used since it might be secret, but do you use any secure coding method and have an audit team or process including e.g. fuzzing other than peer code review?

SAP seems to use filter driver but does SAP makes use of hook to block e.g. an execution of a process?

Also I found I can safely kill some of SAP processes but what exact process have self-protection?

Finally, Does any of SAP's process is/will be compatible with EMET?

Sorry for asking so much questions at once.

Hi Yuki,

We use secure coding method most of the time and we don't use any kind of hooking. Our test team has also tested SecureAPlus with EMET and it works fine. That's all I can say and sorry, I can't share any further

Logged

_____________________________________SecureAPlus - It is not just another antivirus! Free download at secureaplus.secureage.com

We use secure coding method most of the time and we don't use any kind of hooking. Our test team has also tested SecureAPlus with EMET and it works fine. That's all I can say and sorry, I can't share any further

That's okay, in fact that's all I wanted to hear from you. As to self-protection and EMET compatibiity, I'll test personally but not soon.